10-03-2008 1:14 AM
Hello Experts,
I have few user who is assigned to display the master data of personnel area 5400. Now an employee is moved from personnel area 5400 to personnel area 5900. And this user is still able to view the master data of 5900. How to stop that checking the authorization based on the historical data.
Please advise.
Thank you.
saplover
10-03-2008 1:54 AM
> I have few user who is assigned to display the master data of personnel area 5400.
Okay.
> Now an employee is moved from personnel area 5400 to personnel area 5900.
Okay.
> And this user is still able to view the master data of 5900.
Okay
> How to stop that checking the authorization based on the historical data.
You cannot code a back-dated authority-check, atleast not easily nor performance wise.
If the employee is moved, then records (which were also moved, created...) for the personnel area they have access to are subsequently visible to them as well, if they have access to that infotype, subtype, etc.
Perhaps you need to change their role, if they changed their job function??
Take a read through function module HR_READ_INFOTYPE for a better understanding. The HR objects are generally designed to give access for HR people... unless reporting people (in aggregated form => object P_ABAP...) or unless personally (object P_PERNR...).
Take a look in tcode SU21 for more infos.
Cheers,
Julius
10-03-2008 1:59 PM
in addition to the technicalities julius has stated above, I'd like to add that you should take a look at the ORGPD authorization switch.
this has an impact on determining teh period of responsability through organizational assignment.
here are some links to help you get started:
[AUTSW ORGPD|http://help.sap.com/saphelp_47x200/helpdata/en/e8/bab83b5b831f3be10000000a114084/frameset.htm|authorization switch ORGPD]
[determining the period of responsibility|http://help.sap.com/saphelp_47x200/helpdata/en/e8/bab83b5b831f3be10000000a114084/frameset.htm]
Edited by: Dimitri van Heumen on Oct 3, 2008 3:00 PM typos...
12-05-2008 3:29 PM
12-08-2008 9:33 PM
Hi SAPLover
Try to have a look at view T_582A (with SM30). if the "Access Auth" is Not checked for a specific infotype, the administrator has access to this infotype of an employee, if one of the employees organisational assignment falls into the administrators area of responsibility.
if it's checked the administrators access right are evaluated based on the Time Logic in SAP HR - see [saphelp|http://help.sap.com/saphelp_erp2005vp/helpdata/en/5b/4bba3b3bf00152e10000000a114084/frameset.htm]
Maybe this can do the trick ?
Regards
Morten